Recovering private keys generated with weak PRNGs

PA Fouque, M Tibouchi, JC Zapalowicz. Cryptography and Coding: 14th IMA International Conference, IMACC 2013, Oxford …, 2013. Springer
Abstract
Suppose that the private key of a discrete logarithm-based or factoring-based public-key primitive is obtained by concatenating the outputs of a linear congruential generator. How seriously is the scheme weakened as a result?
While linear congruential generators are cryptographically very weak “pseudorandom” number generators, the answer to that question is not immediately obvious, since an adversary in such a setting does not get to examine the outputs of the congruential generator directly, but can only obtain an implicit hint about them—namely the public key.
In this paper, we take a closer look at that problem, and show that, in most cases, an attack does exist to retrieve the key much faster than with a naive exhaustive search on the seed of the generator.
The problem is similar to the one considered by Bellare, Goldwasser and Micciancio regarding DSA and “pseudorandomness”, and this line of work arguably has renewed relevance in view of the sensitive role that random number generation has been found to play in a number of recent noted papers, such as the one by Lenstra et al. at CRYPTO 2012.
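The setting the abstract describes, as an added toy example (not code from the paper, and not the authors' attack): a discrete-log private key is built by concatenating the outputs of a linear congruential generator, the adversary sees only the public key, and the baseline the paper compares against is an exhaustive search over the generator's seed. Every constant here is constructed for illustration: a 10-bit LCG, three outputs concatenated into a 30-bit exponent, and the group Z_p^* with p = 2^31 - 1 and g = 7 (a primitive root, so distinct exponents below p - 1 give distinct public keys). Real parameters would be far larger; the point shown is that the cost of recovering the key is governed by the seed space, not by the apparent key length, and the paper's contribution is to do better than even this seed search.

```python
# Added example (not from the paper): a toy discrete-log key generated from
# concatenated LCG outputs, and the naive seed-search attack that the
# abstract uses as its baseline. All constants below are constructed.

# Assumed toy LCG: state <- (A*state + C) mod M, each output is 10 bits.
LCG_M = 1 << 10
LCG_A = 37
LCG_C = 11
OUT_BITS = 10
K = 3                      # outputs concatenated -> 30-bit private key

# Toy group: Z_p^* with p = 2^31 - 1 (a Mersenne prime). 7 is a primitive
# root mod p (the fact behind the MINSTD generator), so x -> g^x is injective
# for 0 <= x < p - 1 and every 30-bit private key yields a distinct public key.
P = (1 << 31) - 1
G = 7


def lcg_outputs(seed, k, a=LCG_A, c=LCG_C, m=LCG_M):
    """Return the first k outputs of the LCG started from `seed`."""
    state = seed % m
    outs = []
    for _ in range(k):
        state = (a * state + c) % m
        outs.append(state)
    return outs


def key_from_seed(seed):
    """Private key = concatenation of K LCG outputs (first output in the
    most significant position)."""
    x = 0
    for out in lcg_outputs(seed, K):
        x = (x << OUT_BITS) | out
    return x


def keygen(seed):
    """Return (private key x, public key y = g^x mod p)."""
    x = key_from_seed(seed)
    return x, pow(G, x, P)


def naive_seed_search(y):
    """Baseline attack from the abstract: try every seed, re-derive the key
    the same way the victim did, and compare the resulting public key with
    the target. Cost: one modular exponentiation per seed, M in total."""
    for s in range(LCG_M):
        x = key_from_seed(s)
        if pow(G, x, P) == y:
            return s, x
    return None


def search_costs():
    """Work (in modular exponentiations) for a generic search over the key
    space versus a search over the seed space of the generator."""
    key_bits = K * OUT_BITS
    return {"key_bits": key_bits,
            "generic_key_search": 1 << key_bits,
            "seed_search": LCG_M}


if __name__ == "__main__":
    x, y = keygen(0x2A5)   # constructed seed; the attacker never sees it
    s_rec, x_rec = naive_seed_search(y)
    print(f"public key y={y}, recovered seed={s_rec:#x}, key matches: {x_rec == x}")
    print(search_costs())
```

The factoring-based case from the abstract is analogous: the attacker re-derives candidate primes from each seed and checks whether their product is the public modulus. Note that the seed search above recovers the key with M = 2^10 exponentiations, against 2^30 for a search over the key space; the paper's attacks, which this example does not implement, reduce the work below the seed search itself.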